5777 matches found
CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...
PT-2026-48513
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...
CVE-2026-47347
CVE-2026-47347 affects TYPO3 CMS where GeneralUtility::sanitizeLocalUrl can be bypassed, enabling an open redirect if a URL is used after sanitization. Affected versions are older: 10.4.57, 11.0.0–11.5.50, 12.0.0–12.4.45, 13.0.0–13.4.30, and 14.0.0–14.3.2. The CVE entry notes the impact as open r...
PT-2026-47740
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Applications utilizing the...
TYPO3 CMS 输入验证错误漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a vulnerability in input validation of TYPO3 CMS, which stems from the GeneralUtility::sanitizeLocalUrl function. This function allows URLs to be used for redirection even after cleaning, potentiall...
CVE-2026-10210
A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...
CVE-2026-41067
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
CVE-2026-40186
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...
CVE-2026-41278
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...
CVE-2026-44650
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename...
ROOT-APP-NPM-CVE-2026-44990 CVE-2026-44990 in @rootio/sanitize-html - Patched by Root
Root has patched CVE-2026-44990 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2017-16016 CVE-2017-16016 in @rootio/sanitize-html - Patched by Root
Root has patched CVE-2017-16016 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2019-25225 CVE-2019-25225 in @rootio/sanitize-html - Patched by Root
Root has patched CVE-2019-25225 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2016-1000237 CVE-2016-1000237 in @rootio/sanitize-html - Patched by Root
Root has patched CVE-2016-1000237 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-26539 CVE-2021-26539 in @rootio/sanitize-html - Patched by Root
Root has patched CVE-2021-26539 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...